mochabin/mwifiex
1
0
Fork 0
mirror of https://github.com/nxp-imx/mwifiex.git synced 2024-06-01 00:29:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Issue: WCSWREL-352 Fix for driver kernel panic with use after free print

Browse source 
[Description]
Accessing "pmbuf" after mlan_send_packet results in kernel panic with
"use after free" print.

[Fix]
Moved the link layer statistics related code which accesses "pmbuf" to
the front of mlan_send_packet function.

Signed-off-by: Meet Patel <meet.patel@nxp.com>
This commit is contained in:
Meet Patel 2022-06-24 00:47:49 +05:30 committed by yunjie
parent 3a50175cae
commit 64421ad41f
1 changed files with 10 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
mxm_wifiex/wlan_src/mlinux/moal_main.c
View file

@ -7055,9 +7055,6 @@ static int woal_start_xmit(moal_private *priv, struct sk_buff *skb)
index = skb_get_queue_mapping(skb);
#endif
status = mlan_send_packet(priv->phandle->pmlan_adapter, pmbuf);
switch (status) {
case MLAN_STATUS_PENDING:
if (is_zero_timeval(priv->phandle->tx_time_start)) {
priv->phandle->tx_time_start.time_sec =
pmbuf->in_ts_sec;
@ -7067,6 +7064,10 @@ static int woal_start_xmit(moal_private *priv, struct sk_buff *skb)
priv->phandle->tx_time_start.time_sec,
priv->phandle->tx_time_start.time_usec);
}
status = mlan_send_packet(priv->phandle->pmlan_adapter, pmbuf);
switch (status) {
case MLAN_STATUS_PENDING:
atomic_inc(&priv->phandle->tx_pending);
#if LINUX_VERSION_CODE > KERNEL_VERSION(2, 6, 29)